diff --git a/scripts/ssh-server-check.sh b/scripts/ssh-server-check.sh
index c4ecbbe..f14da96 100755
--- a/scripts/ssh-server-check.sh
+++ b/scripts/ssh-server-check.sh
@@ -37,7 +37,7 @@ prompt_user() {
 local prompt="${2:-Prompt for the user}"
 full_prompt_msg="$title: $prompt"
- echo -n -e "$YELLOW_BANG $full_prompt_msg"
+ echo -n -e "$YELLOW_BANG $full_prompt_msg"
 read -p " (y/n) " -n 1 -r
 echo
 }
@@ -52,9 +52,9 @@ update_prompt() {
 echo -en "\e[1A\r\e[K"
 if [[ "$msg" != "$full_prompt_msg" ]]; then
- echo -e "$icon $msg"
+ echo -e "$icon $msg"
 else
- echo -e "$icon $msg $REPLY"
+ echo -e "$icon $msg $REPLY"
 fi
 }
@@ -123,12 +123,21 @@ check_ssh_config_files() {
 printf "%-6s %-20s %-6s %s\n" "STATUS" "KEY" "PERMS" "PATH"
 row_process "hostkey"
- row_process "hostcertificate"
+ row_process "hostcertificate"
+ case "$status" in
+ missing)
+ prompt_user "SSH Host" "SSH host cert missing. Sign the ssh host cert?"
+ if [[ $REPLY =~ ^[Yy]$ ]]; then
+ sign_host_cert
+ update_prompt $GREEN_CHECK "Signed ssh host cert"
+ else
+ update_prompt $RED_X
+ fi
+ ;;
+ esac
 row_process "trustedusercakeys"
 case "$status" in
- success) return ;;
 missing)
- # Do something if trustedusercakeys is missing
 prompt_user "User CA" "Created the trusted keys file?"
 if [[ $REPLY =~ ^[Yy]$ ]]; then
 (step ssh config --roots > "$path")
@@ -137,7 +146,6 @@ check_ssh_config_files() {
 update_prompt $RED_X
 fi
 ;;
- unconfigured) return;;
 esac
 }
@@ -197,7 +205,7 @@ restart_sshd() {
 fi
 else
 local sshd_pid=$(systemctl show --property MainPID --value sshd)
- echo -e "$GREEN_CHECK sshd.service is active on PID: $sshd_pid"
+ echo -e "$GREEN_CHECK sshd.service is active on PID: $sshd_pid"
 fi
 }
@@ -211,6 +219,3 @@ check_ssh_config_files
 echo
 echo "Host key fingerprint"
 ssh_fingerprint hostkey
-
-# prompt_user
-# auto_update_prompt
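Review bot: In the new `missing)` arm after `row_process "hostcertificate"`, the exit status of `sign_host_cert` is never checked, so `update_prompt $GREEN_CHECK "Signed ssh host cert"` is printed even when signing fails and the operator is told the host has a certificate it may not have. Gate the success message on the result, for example `if sign_host_cert; then update_prompt "$GREEN_CHECK" "Signed ssh host cert"; else update_prompt "$RED_X" "Signing ssh host cert failed"; fi`. `$GREEN_CHECK` and `$RED_X` should also be quoted so that each reaches `update_prompt` as a single argument. `sign_host_cert` is not defined in any hunk shown here and `check_ssh_config_files` starts before this hunk and continues past it, so this assumes the helper returns non-zero on failure.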